MODSYSCF - CUSTOMS OFFICE CONFIGURATION © UNCTAD - SITE (V1.15) 9.9

Security Group Profiles

ASYCUDA Access controls, General

The purpose of access controls is to prevent UNAUTHORISED access to a system, and to limit Authorised Users to those areas and activities that they are allowed to use. For example, in a Bank, customers only have access up to the counter, and different levels of staff have access to different areas of the bank premises.

In a computerised system, it is possible to allow ‘No Access to Files’, ‘Read Files without Write Access’, ‘Write Files without Read Access’, or full ‘Read and Write Access’.

Access controls can consist of all or some of the following:

Physical Controls

Computer rooms should be secure, with access allowed to operators and system managers only. Computers and Monitors should be sited so that unauthorised access is obvious. For example, glass doors or internal windows can allow users to see any unauthorised persons.

Keys

Some computers and terminals are fitted with a Lock, which locks the Keyboard and so prevents unauthorised use without the correct Key. In the absence of a Lock on the computer, the keyboard could be removed from the computer and locked away.

Passwords

Most systems start from a menu that requires the user to enter his or her name (sometimes referred to as ACCOUNT) and Password.

Password protection has the advantage of deterring casual browsers and limiting access to sensitive data. Furthermore, dangerous parts of the system, e.g. areas with the potential for damaging the system or files, can be placed out of bounds to inexperienced users.

The danger with passwords is that they can give a false impression of security where none may exist, e.g. if passwords are poorly controlled or incorrectly set up.

The following list, although not exhaustive, gives some of the ways of making passwords more effective.
·     Choose passwords that are difficult to break. Do NOT use personal data, e.g. family names, as they are easily guessed. Use a mixture of letters and numbers or other non-alphabetical characters, e.g. ! & $.
·     Change passwords at regular intervals, and ALWAYS when someone leaves.
·     Do have a master password that allows the system manager to gain access to the passwords, to alter, or to look up a password that a user has forgotten.
·     Do not use passwords like MASTER, MANAGER or SUPERVISOR etc.
·     Do not leave passwords written down for anyone else to see.
·     Never tell a colleague your password.
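
The password selection rules in the list above can be checked automatically when a password is set. The following Python sketch is an added example, not part of the ASYCUDA manual or software; the function names, the character-substitution table and the three-character minimum for a match are assumptions, and the substitution handling goes slightly beyond the list so that a variant such as "M4N4GER" is still recognised.

```python
# Added example: audits a candidate password against the manual's selection rules.
# The substitution table and the 3-character minimum are assumptions, not from the manual.

ROLE_WORDS = ("MASTER", "MANAGER", "SUPERVISOR")  # words the manual names

# Common character-for-letter swaps (assumed list) so "M4N4GER" is read as "manager".
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "$": "s", "@": "a"})


def letters_of(text):
    """Case-fold, undo the swaps, and keep letters only."""
    return "".join(c for c in text.casefold().translate(SWAPS) if c.isalpha())


def check_password(password, personal_data=()):
    """Return the list of rules the candidate breaks; empty means it passes."""
    problems = []
    folded = password.casefold()
    normalized = letters_of(password)

    # Rule: no personal data such as family names or the account name.
    for item in personal_data:
        raw, norm = item.casefold().strip(), letters_of(item)
        if (len(raw) >= 3 and raw in folded) or (len(norm) >= 3 and norm in normalized):
            problems.append(f"contains personal data: {item}")

    # Rule: a mixture of letters and numbers or other non-alphabetical characters.
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(not c.isalpha() and not c.isspace() for c in password):
        problems.append("no digits or other non-alphabetical characters")

    # Rule: nothing like MASTER, MANAGER or SUPERVISOR.
    for word in ROLE_WORDS:
        if word.casefold() in normalized:
            problems.append(f"resembles role word: {word}")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates for a hypothetical user with family name Smith.
    for candidate in ("smith1985", "M4N4GER!", "SUPERVISOR", "tr&8kw$Lq2"):
        print(candidate, "->", check_password(candidate, ["Smith", "jsmith"]) or "ok")
```
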